[Owasp-boston] OWASP March mtg- Thurs. March 8

Weiler, Jim Jim.Weiler at starwoodhotels.com
Tue Feb 28 15:31:35 UTC 2012

6:30 at JobSpring, Boylston St., with the Boston Security Meetup group.
Speaker will be VP for Security Research at Zscaler, along with other
speakers at the security meetup.


Corporate Espionage for Dummies: The Hidden Threat of Embedded Web


Today, everything from kitchen appliances to television sets comes with
an IP address. Network connectivity for various hardware devices opens
up exciting opportunities. Forgot to lower the thermostat before leaving
the house? Simply access it online. Need to record a show? Start the DVR
with a mobile app. While embedded web servers are now as common as
digital displays in hardware devices, sadly, security is not. What if
that same convenience exposed photocopied documents online or allowed
outsiders to record your telephone conversations? A frightening thought


Software vendors have been forced to climb the security learning curve.
As independent researchers uncovered embarrassing vulnerabilities,
vendors had little choice but to plug the holes and revamp development
lifecycles to bake security into products. Vendors of embedded web
servers have faced minimal scrutiny and as such are at least a decade
behind when it comes to security practices. Today, network-connected
devices are regularly deployed with virtually no security whatsoever.


The risk of insecure embedded web servers has been amplified by insecure
networking practices. Every home and small business now runs a wireless
network, but it was likely set up by someone with virtually no
networking expertise. As such, many devices designed only for LAN access
are now unintentionally Internet facing and wide open to attack from
anyone, regardless of their location.


Leveraging the power of cloud-based services, Zscaler spent several
months scanning large portions of the Internet to understand the scope
of this threat. Our findings will make any business owner think twice
before purchasing a 'wifi enabled' device. We'll share the results of
our findings, reveal specific vulnerabilities in a multitude of
appliances and discuss how embedded web servers will represent a
target-rich environment for years to come.


More info to follow.


Jim Weiler       CISSP   CSSLP   GSSP - Java

Application Security Architect

Starwood Hotels      1505 Washington St.   Braintree MA. 02184

desk - 781 356 0067

mobile - 7816546048

